User Administration and Security - Troubleshooting

Table of Contents

Verify LDAP Configuration on External Domain

The secure Lightweight Directory Access Protocol (LDAP) should only be enabled when the external domain client has been configured to use the secure LDAP (with the proper SSL certificate). If this protocol is enabled from the Add New Domain Controller dialog box, but not configured from the external domain, then the feature is not enabled. To verify whether the external domain client has been configured for LDAP with the proper SSL certificate, complete the following:

  1. Launch the Microsoft LDP utility, which is an LDAP client query utility. For more information about this utility, including installation, see http://technet.microsoft.com/en-us/library/cc772839.aspx
  2. Click the Connections menu option, and select Connect.
  3. From the Connect dialog box, enter the following information:
    • Server: Enter the name of the external domain server, e.g., computer.domain.com.
    • Port: Enter 636 as the port number for the external domain server.
    • SSL: Mark this checkbox to check for the proper certificate.
  4. Click OK. If properly configured for LDAP, the external domain server details will be displayed in the LDP windowpane. If not configured for use with LDAP, an error message will appear indicating that a connection cannot be made using this feature.

Unable to Sign In to Web Console Using Single Sign On (SSO)

In order to enable Single Sign On login for the Web Console, make sure that you have the latest version of Java with all the updates on the Web Console computer.

  1. Stop the Tomcat services.
  2. Download and install the latest version of Java. A minimum version of Java 7 Update 17 (JRE 1.7.0_17) is required.
  3. From the command prompt window, execute the following command to verify that Java is installed correctly on the computer: 

    java -version

    If the version is lower than Java 7 Update 17 (JRE 1.7.0_17), make sure to install the latest version of Java.

  4. Start the Tomcat services.
  5. If the Tomcat services fail to start, manually point the JVM to the Tomcat services using the following steps. Otherwise, skip this step and proceed to the next section.
    1. Open the command prompt window and navigate to <software installation path>\Apache\bin folder and execute the following command:

      tomcat6w.exe //ES//GxTomcatInstance001

      where, Instance001 is the instance installed on the computer.

    2. In the Tomcat services Instance properties dialog box, click the Java tab, and clear the Use default check box.
    3. Type the path to the Java Virtual Machine. For example: C:\Program Files\Java\jre7\bin\server\jvm.dll

    Make sure the path to the bin folder under the JRE installation is part of the PATH environment variable. For example, if Java is installed on C:\Program Files\Java\jre7, make sure the path environment variable is set to C:\Program Files\Java\jre7\bin folder.

Failed to Log On to the CommCell Console

Symptom

Login to the CommCell Console failed with the following connection error:

Cause

The Entrust Certificate is missing on the computer which has the CommServe software installed.

Resolution

You have to manually install the Entrust Certificate using the following steps:

  1. Logon to the computer where the CommServe has been installed.
  2. Go to Start | Program Files | SnapProtect  | SnapProtect | Base.
  3. Right-click CVSession.dll and point to Properties.

  4. Click Digital Signatures tab, select SnapProtect in the Signature list and click Details.

  5. Click View Certificate in the General tab of the Digital Signature Details dialog box.

  6. Click Certification Path tab, select Entrust (2048) and click View Certificate.

  7. Click Install Certificate and follow the installation wizard by accepting default values.

  8. Click on Entrust Code Signing Certification Authority-L1D and View Certificate option. Repeat Step-7 to follow the installation wizard and complete the installation process.